Integrate telegraf not working as expected

StefanW · ‎02-02-2021

Hello,

i read hundreds of articels, but its not working well. i try to gather data through telegraf from my snmp devices or other linux devices.

First i install on a linux device telegraf 1.17. Create a simple input file

[[inputs.diskio]]

and a file output

[[outputs.file]]
  ## Files to write to, "stdout" is a specially handled file.
 files = ["stdout", "/var/snmplog/metrics.out"]
 data_format = "splunkmetric"
 splunkmetric_hec_routing = false

On the universal forwarder where my telegraf is running on, i create a inputs.conf stanza for the metrics.out file

[monitor:///var/snmplog/*.out]
disabled = false
index = telegraf
sourcetype = telegraf

and in my company app a props.conf stanza for the sourcetype telegraf

[telegraf]
category = Metrics
description = Telegraf Metrics
pulldown_type = 1
DATETIME_CONFIG =
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = true
disabled = false
INDEXED_EXTRACTIONS = json
KV_MODE = none
TIMESTAMP_FIELDS = time
TIME_FORMAT = %s.%3N
LINE_BREAKER = ([\r\n]+)

I tried to create the index "telegraf" as event index and also as "metrics" index. What is the right type of index for telegraf sending as splunkmetrics?

Running with metrics index type i dont see any events.

Running with event type index, i see events, but no fields are extracted and i have a big event with hundreds of values.

{"_value":103672,"metric_name":"diskio.weighted_io_time","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.writes","name":"loop2","time":1612282330}{"_value":47713280,"metric_name":"diskio.read_bytes","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.write_bytes","name":"loop2","time":1612282330}{"_value":114060,"metric_name":"diskio.read_time","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.write_time","name":"loop2","time":1612282330}{"_value":3872,"metric_name":"diskio.io_time","name":"loop2","time":1612282330}{"_value":39751,"metric_name":"diskio.reads","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.merged_reads","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.merged_writes","name":"loop2","time":1612282330}{"_value":0,"metric_name":"diskio.writes","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.write_bytes","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.write_time","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.io_time","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.merged_reads","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.merged_writes","name":"loop3","time":1612282330}{"_value":20,"metric_name":"diskio.reads","name":"loop3","time":1612282330}{"_value":32768,"metric_name":"diskio.read_bytes","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.read_time","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.weighted_io_time","name":"loop3","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"loop3","time":1612282330}{"_value":13287963,"metric_name":"diskio.reads","name":"sda","time":1612282330}{"_value":26131311,"metric_name":"diskio.writes","name":"sda","time":1612282330}{"_value":315109941248,"metric_name":"diskio.read_bytes","name":"sda","time":1612282330}{"_value":636415049728,"metric_name":"diskio.write_bytes","name":"sda","time":1612282330}{"_value":53542148,"metric_name":"diskio.write_time","name":"sda","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"sda","time":1612282330}{"_value":83744736,"metric_name":"diskio.read_time","name":"sda","time":1612282330}{"_value":30181608,"metric_name":"diskio.io_time","name":"sda","time":1612282330}{"_value":137261312,"metric_name":"diskio.weighted_io_time","name":"sda","time":1612282330}{"_value":142855,"metric_name":"diskio.merged_reads","name":"sda","time":1612282330}{"_value":36168488,"metric_name":"diskio.merged_writes","name":"sda","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"sda1","time":1612282330}{"_value":0,"metric_name":"diskio.writes","name":"sda1","time":1612282330}{"_value":48879616,"metric_name":"diskio.read_bytes","name":"sda1","time":1612282330}{"_value":3652,"metric_name":"diskio.read_time","name":"sda1","time":1612282330}{"_value":0,"metric_name":"diskio.write_time","name":"sda1","time":1612282330}{"_value":3652,"metric_name":"diskio.weighted_io_time","name":"sda1","time":1612282330}{"_value":1743,"metric_name":"diskio.reads","name":"sda1","time":1612282330}{"_value":0,"metric_name":"diskio.write_bytes","name":"sda1","time":1612282330}{"_value":3652,"metric_name":"diskio.io_time","name":"sda1","time":1612282330}{"_value":0,"metric_name":"diskio.merged_reads","name":"sda1","time":1612282330}{"_value":0,"metric_name":"diskio.merged_writes","name":"sda1","time":1612282330}{"_value":636415049728,"metric_name":"diskio.write_bytes","name":"sda2","time":1612282330}{"_value":53542148,"metric_name":"diskio.write_time","name":"sda2","time":1612282330}{"_value":30176468,"metric_name":"diskio.io_time","name":"sda2","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"sda2","time":1612282330}{"_value":142855,"metric_name":"diskio.merged_reads","name":"sda2","time":1612282330}{"_value":36168488,"metric_name":"diskio.merged_writes","name":"sda2","time":1612282330}{"_value":13282111,"metric_name":"diskio.reads","name":"sda2","time":1612282330}{"_value":314988112896,"metric_name":"diskio.read_bytes","name":"sda2","time":1612282330}{"_value":83727040,"metric_name":"diskio.read_time","name":"sda2","time":1612282330}{"_value":137243956,"metric_name":"diskio.weighted_io_time","name":"sda2","time":1612282330}{"_value":26131311,"metric_name":"diskio.writes","name":"sda2","time":1612282330}{"_value":0,"metric_name":"diskio.merged_writes","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.write_bytes","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.merged_reads","name":"loop0","time":1612282330}{"_value":17583104,"metric_name":"diskio.read_bytes","name":"loop0","time":1612282330}{"_value":42544,"metric_name":"diskio.read_time","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.write_time","name":"loop0","time":1612282330}{"_value":1432,"metric_name":"diskio.io_time","name":"loop0","time":1612282330}{"_value":36456,"metric_name":"diskio.weighted_io_time","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"loop0","time":1612282330}{"_value":12320,"metric_name":"diskio.reads","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.writes","name":"loop0","time":1612282330}{"_value":0,"metric_name":"diskio.write_bytes","name":"loop1","time":1612282330}{"_value":162976,"metric_name":"diskio.read_time","name":"loop1","time":1612282330}{"_value":0,"metric_name":"diskio.iops_in_progress","name":"loop1","time":1612282330}{"_value":0,"metric_name":"diskio.merged_reads","name":"loop1","time":1612282330}{"_value":0,"metric_name":"diskio.writes","name":"loop1","time":1612282330}{"_value":36114432,"metric_name":"diskio.read_bytes","name":"loop1","time":1612282330}{"_value":5880,"metric_name":"diskio.io_time","name":"loop1","time":1612282330}{"_value":139632,"metric_name":"diskio.weighted_io_time","name":"loop1","time":1612282330}{"_value":0,"metric_name":"diskio.merged_writes","name":"loop1","time":1612282330}{"_value":26595,"metric_name":"diskio.reads","name":"loop1","time":1612282330}{"_value":0,"metric_name":"diskio.write_time","name":"loop1","time":1612282330}

What goes wrong? What is missing? Can someone help me?

Thanks

best regards

Stefan

Integrate telegraf not working as expected

configuration

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!